A Vehicle Management End-to-End Testing and Analysis Platform for Validation of Mission 
and Fault Management Algorithms to Reduce Risk for NASA’s Space Launch System 

The engineering development of the new Space Launch System (SLS) launch vehicle requires 
cross discipline teams with extensive knowledge of launch vehicle subsystems, information theory, 
and autonomous algorithms dealing with all operations from pre-launch through on orbit 
operations. The characteristics of these spacecraft systems must be matched with the autonomous 
algorithm monitoring and mitigation capabilities for accurate control and response to abnormal 
conditions throughout all vehicle mission flight phases, including precipitating safing actions and 
crew aborts. This presents a large and complex system engineering challenge, which is being 
addressed in part by focusing on the specific subsystems involved in the handling of off-nominal 
mission and fault tolerance with response management. Using traditional model based system and 
software engineering design principles from the Unified Modeling Language (UML) and Systems 
Modeling Language (SysML), the Mission and Fault Management (M&FM) algorithms for the 
vehicle are crafted and vetted in specialized Integrated Development Teams (IDTs) composed of 
multiple development disciplines such as Systems Engineering (SE), Flight Software (FSW), 
Safety and Mission Assurance (S&MA) and the major subsystems and vehicle elements such as 
Main Propulsion Systems (MPS), boosters, avionics, Guidance, Navigation, and Control (GNC), 
Thrust Vector Control (TVC), and liquid engines. These model based algorithms and their 
development lifecycle from inception through Flight Software certification are an important focus 
of this development effort to further ensure reliable detection and response to off-nominal vehicle 
states during all phases of vehicle operation from pre-launch through end of flight. 

NASA formed a dedicated M&FM team for addressing fault management early in the development 
lifecycle for the SLS initiative. As part of the development of the M&FM capabilities, this team 
has developed a dedicated testbed that integrates specific M&FM algorithms, specialized nominal 
and off-nominal test cases, and vendor-supplied physics-based launch vehicle subsystem models. 
Additionally, the team has developed processes for implementing and validating these algorithms 
for concept validation and risk reduction for the SLS program. The flexibility of the Vehicle 
Management End-to-end Testbed (VMET) enables thorough testing of the M&FM algorithms by 
providing configurable suites of both nominal and off-nominal test cases to validate the developed 
algorithms utilizing actual subsystem models such as MPS. The intent of VMET is to validate the 
M&FM algorithms and substantiate them with performance baselines for each of the target vehicle 
subsystems in an independent platform exterior to the flight software development infrastructure 
and its related testing entities. 

In any software development process there is inherent risk in the interpretation and implementation 
of concepts into software through requirements and test cases into flight software compounded 
with potential human errors throughout the development lifecycle. Risk reduction is addressed by 
the M&FM analysis group working with other organizations such as S&MA, Structures and 
Environments, GNC, Orion, the Crew Office, Flight Operations, and Ground Operations by 
assessing performance of the M&FM algorithms in terms of their ability to reduce Loss of Mission 
and Loss of Crew probabilities. In addition, through state machine and diagnostic modeling, 
analysis efforts investigate a broader suite of failure effects and associated detection and responses 
that can be tested in VMET to ensure that failures can be detected, and confirm that responses do 
not create additional risks or cause undesired states through interactive dynamic effects with other 
algorithms and systems. VMET further contributes to risk reduction by prototyping and exercising 
the M&FM algorithms early in their implementation and without any inherent hindrances such as 
meeting FSW processor scheduling constraints due to their target platform - ARINC 653 
partitioned OS, resource limitations, and other factors related to integration with other subsystems 
not directly involved with M&FM such as telemetry packing and processing. The baseline plan 
for use of VMET encompasses testing the original M&FM algorithms coded in the same C++ 
language and state machine architectural concepts as that used by Flight Software. This enables 
the development of performance standards and test cases to characterize the M&FM algorithms 
and sets a benchmark from which to measure the effectiveness of M&FM algorithms performance 
in the FSW development and test processes. 



